Mirai Used as Payload in Hadoop YARN Vulnerability

A Mirai variant has been discovered targeting unpatched Linux servers, shifting the use of the malicious payload beyond the internet of things (IoT), according to new research from NETSCOUT ASERT. Using their honeypot network to monitor the tens of thousands of daily exploit attempts for the Hadoop YARN vulnerability, Arbor’s Security Engineering and Response Team (ASERT) researchers surprisingly found the all-too-familiar Mirai payload. "Mirai botmasters have found they can target Linux servers just as easily as IoT devices. They attack the servers themselves rather than rely on the bots to propagate, since servers tend not to move around the network or get powered down,” said Matt Bing, security research analyst at NETSCOUT. “Servers make an attractive target for DDoS bots for their network speed and hardware resources, compared to relatively underpowered IoT devices. What we've seen is Linux servers being conscripted to the same botnets as IoT devices. In the future we can expect more DDoS botnets with both infected IoT devices and Linux servers, like an army of foot soldiers being supported by tanks."